Sign in / up

back to article Here's yet more ransomware using BitLocker against Microsoft's own users

Yet more ransomware is using Microsoft BitLocker to encrypt corporate files, steal the decryption key, and then extort a payment from victim organizations, according to Kaspersky. The antivirus maker's Global Emergency Response team spotted the malware, dubbed ShrinkLocker, in Mexico, Indonesia, and Jordan, and said the code's …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Pelican Express

    VBScript can run system process?

    How comme a VBScript running in user space could do low level system action such as resize partition, and encrypt the entire disk?

    3 0 Reply
    1. Sandtitz Silver badge
      Reply Icon

      Re: VBScript can run system process?

      "How comme a VBScript running in user space could do low level system action such as resize partition, and encrypt the entire disk?"

      The answer is: it cannot. The malware depends on user having admin rights. Read the Kaspersky analysis, there's a link in the article.

      .

      "The most plausible explanation for this is that they already had full control of the target system when the script was executed."

      "Mitigations [...] Ensure that users have only minimal privileges. This way, they cannot enable encryption features or change registry keys on their own"

      3 0 Reply
  2. Hubert Cumberdale Silver badge

    FFS

    (see title)

    1 3 Reply
    1. Hubert Cumberdale Silver badge
      Reply Icon

      Re: FFS

      Slightly baffled by the downvotes. I was merely expressing general frustration at this as a problem – was I not specific enough?

      1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like